Topic: [Inactive] Virus? Hi (Read 6050 times)

Hi. Malcom Naggar from the Malwarebytes forum suggested I also try you all for help with this. So here it goes.

son's laptop. He cannot install Microsoft Office. The admin account will only log in as a temporary profile. Most everything done in that account is undone, but it's still giving admin privileges. I had to do a system restore to a week ago because when I went online, I couldn't see any text in IE--just a white screen. His taskbar goes to Windows basic and he cannot undo it unless he does a system restore. Graphics user interface no longer works--as soon as you log into an account it pops up saying it's not working.

Here's the dds log--Well it was on the desktop when I went to sleep last night but it is no longer there. :( So I'm running it again.

Greetings MSHopper and Welcome to our Forums,

While I look over your log, please consider that obtaining assistance from more than one forum would result in a delay in resolving your issue, not to mention the confusion and waste of volunteer services.

Being referred here, I hope you understand that once your troubleshooting session begins, you should refrain from seeking additional help from other sources. This will benefit all of us. Thanks for understanding.

I will post back in a short while with some suggestions. Thanks for your patience!

The UAC is turned off in that account. I'd turn it back on and leave it that way. Reason of course, is because while you may enjoy admin rights unencumbered, so will anyone else who may gain access to that system's user account, to include malicious software. In that case, what COULD happen is nearly unlimited just due to the elevated privileges.

Let's see if we can quickly resolve the Microsoft Office issue for you, then we can go on with a full evaluation of the log you posted. Please do the following:

Click start, then type CMD into the "Search programs and files" box. The returned search should show you the command prompt icon at the top. Right-click on it and select "Run as administrator". When the command prompt window opens, type or copy and paste the text below in Bold then press the Enter key:

...you should then be able to install Microsoft Office without a hitch. Please post back and let us know if this was successful for you. Thanks!

I don't know what the UAC is or how to turn it back on (user account control maybe?). Since I have set up an admin account and two other user accounts for the kids which do not have admin privileges, I don't understand. Also, I do not see the search programs and files box.

Thanks, I do realize this. He has closed the thread in the other forum and stated I'm in good hands with you all.

Please temporarily disable your on board protective programs as detailed Here. Carefully read through that entire thread to make certain any and all programs YOU have on board are disabled.

Next: It is extremely important that you DO NOT close this program until or unless you are directed to do so. Once the program is closed, it will automatically uninstall itself taking with it anything that was removed and the related report.

Please read through this instruction thoroughly before you begin. Save these instructions in a notepad file, or print them out if necessary so you can refer to them should something go wrong for you during your attempt to carry out these steps. If you have any questions, please ask first before you attempt anything at all.

Please download the AVP removal tool to the desktop and double-click the executable to install it. Select your language preference, accept the agreement and click the Start button. You should see something like this:

...click the settings button...it's the small "Gear" icon just to the right of the large yellow button. Make sure the following boxes are checked: System memory, Hidden startup objects, Disk boot sectors, Computer.

...Next, click the Actions link and click the bullet item labeled "Select action". Disinfect and Delete if disinfection fails should already be checked by default...then return to the Automatic Scan tab and click the Start scanning button.

If you happen to receive a pop up during the scan which reads "File C:\whatever...is password protected", you can safely ignore it. The program will find its own password protected files and report these during the scan. If there is a genuine malicious file that is password protected, we will deal with it manually later.

The scan will begin and you will see a progress bar and scanned objects counter. When the scan completes, the progress bar will disappear. Click the "Reports" tab icon to the far right, just under the large yellow button. Click on the "Automatic scan report" link, then click the save button. Save the report to your desktop as Scan 1. The report will be saved as a text file.

That file is going to be very large...too large to post the entire thing. What I need you to do at this point, is to open that log in "Notepad", then click Edit from the menu at the top and select "Find". Using that Find search function, use these as search terms: Disinfected, Cleared of viruses, Detected.

Now...you'll need to search for those terms in that log, one at a time. Having selected the "Edit-->Find" function in Notepad, in the Find what search box, type in the word Disinfected then click the Find Next button. The search function will find anything in the text file having the name "Disinfected". Once it presents the findings, copy that individual line item and paste it into another blank notepad, then continue searching by clicking the Find Next button. Do this in like manner, for each of the search terms identified above. Once you complete the search and copied everything you found into the other blank notepad, save it to your desktop as Edited_AVP_Log.txt.

Next, please return to the AVP scanning utility and click the Manual Disinfection tab. Please click the Start gathering system information button. You'll again see a progress bar while the utility collects the necessary information. When it completes, the progress bar will disappear. Click the "Report sending" tab, then click on the link avptool sysinfo.zip (open the file manager). Attach that zip file here on your next reply along with the contents of the "notepad" file that you saved from the above "First scan" instruction. Thanks!
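
The log-trimming step described in the post above, as an added example that is not part of the original thread or of the scanning tool: a Python script that keeps only the report lines containing the three search terms and saves them as Edited_AVP_Log.txt. The sample report lines and their tab-separated layout are constructed assumptions; matching is case-insensitive, like Notepad's default Find.

```python
"""Added example: pull the result lines out of a large scanner report."""
import codecs
from collections import Counter
from pathlib import Path

# Search terms named in the post above.
TERMS = ("Disinfected", "Cleared of viruses", "Detected")


def read_report(path):
    """Decode a report as UTF-16 when it carries a BOM, otherwise as UTF-8."""
    raw = Path(path).read_bytes()
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def extract_hits(text, terms=TERMS):
    """Return (matching lines in original order, per-term hit counts)."""
    hits, counts = [], Counter()
    for line in text.splitlines():
        lowered = line.lower()
        matched = [t for t in terms if t.lower() in lowered]
        if matched:
            hits.append(line.strip())
            counts.update(matched)
    return hits, counts


def write_edited_log(report_path, out_path="Edited_AVP_Log.txt"):
    """Filter report_path and save the hits under the name the post asks for."""
    hits, counts = extract_hits(read_report(report_path))
    Path(out_path).write_text("\n".join(hits) + "\n", encoding="utf-8")
    return hits, counts


# Constructed sample lines; the real report layout is an assumption.
SAMPLE = """\
C:\\Windows\\System32\\example.dll\tOK
C:\\Users\\Public\\sample1.exe\tDetected: Trojan.Example.a
C:\\Users\\Public\\sample1.exe\tDisinfected
C:\\Users\\Public\\archive.zip\tPassword protected
C:\\Users\\Public\\sample2.dat\tcleared of viruses
"""

if __name__ == "__main__":
    lines, totals = extract_hits(SAMPLE)
    print("\n".join(lines))
    print(dict(totals))
```
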

I cannot exit McAfee - the directions on Bleeping Computer tell me all I have to do is right-click and hit exit. However, that option is not there. I clicked on McAfee for help and was disconnected from the internet. UGH. Should I run the scan anyway?

You can uninstall it. Afterwards, and until we finish, go nowhere else on the Internet except to come here and reply to this thread. Answer no other email except from SpywareHammer. You can re-install it when we finish cleaning up.

How does it disappear? Do you paste it into notepad, and see the text vanish as soon as it hits the notepad? Or, do you mean after you save it, you go to the desktop to find it and see that it isn't there? If the latter is the case, then you should check the save options because you more than likely saved it to your documents instead.

I mean I save it to the desktop and it disappears. And yes I made sure that I saved it there.

I reran the scan but it didn't take nearly as long as it did last time. A few things popped up as not ok in the result tab. I individually copied them and am pasting them here now. I'm doing the manual disinfection now.

Tried to do the last part and got Location is not available: C:\Users\Niklas\AppData\Local\Temp\043950\LOG refers to a location that is unavailable. It could be a hard drive on this computer or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the internet or your network and then try again. If it still cannot be located, the information may have been moved to a different location.

Close the application. Change of plans...Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. ...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note*** Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note: Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall.

Combofix had to reboot the computer and when it did and I logged in, the combofix window kept popping up and wouldn't run. It was flashing all over my desktop trying to start. I opened processes and could see that it was starting and then stopping. I couldn't do anything and rebooted the computer into Safe Mode with Networking.